<?php
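	/**
	 * Build a random alphanumeric string.
	 *
	 * This script stores the result as the initial password and reset key of
	 * each account it creates, so the characters are drawn with random_int()
	 * (backed by the operating system's CSPRNG) instead of rand(), whose
	 * output is predictable and unsuitable for secrets.
	 *
	 * @param int $length Number of characters to generate; values <= 0 yield ''.
	 * @return string Random string over the alphabet [0-9a-zA-Z].
	 */
	function generateRandomString($length = 10) {
	    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
	    // Hoisted: the highest valid index does not change between iterations.
	    $maxIndex = strlen($characters) - 1;
	    $randomString = '';
	    for ($i = 0; $i < $length; $i++) {
	        $randomString .= $characters[random_int(0, $maxIndex)];
	    }
	    return $randomString;
	}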

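	// Account-creation endpoint: ?id=company|manager|employee selects what to
	// create, and the POST body carries the form fields. Every branch inserts
	// the row(s), e-mails the generated credentials and redirects.
	//
	// NOTE(review): only "is logged in" is checked here. companyID and
	// supervisorID are taken from the request as-is, and no role check or
	// anti-CSRF token is visible in this file — confirm config.php or the
	// calling pages restrict who may create accounts for which company.
	//
	// NOTE(review): the generated password is stored unhashed in User.Password
	// and reused as ResetKey. Hashing it with password_hash() needs a matching
	// change in the login/reset code, which is not visible here.
	session_start();

	// Deny access unless the session is marked as logged in. The original test
	// combined the two conditions with && (so a session with login set to
	// false passed) and did not stop after the redirect, so the inserts below
	// still ran for unauthenticated requests.
	if (!isset($_SESSION['login']) || $_SESSION['login'] != true) {
		header ("Location: index.php");
		exit;
	}
	
	include 'config.php';
	
	if(isset($_GET['id']))
	{
		include("sendmail.php");
	
		$ToAdd = $_GET['id'];

		if($ToAdd === 'company')
		{
			$companyname = $_POST['companyname'];
			$companyemail = $_POST['companyemail'];
			$managername = $_POST['managername'];
			$manageremail = $_POST['manageremail'];
			$managerpassword = generateRandomString();
			
			// Create the company first; its ID is needed for the manager row.
			$stmt = $con->prepare('INSERT INTO Company (Name, Email) VALUES (?, ?)');
			$stmt->bind_param('ss', $companyname, $companyemail);
			$stmt->execute();
			
			$companyID = mysqli_insert_id($con);
			
			// UserRoleID 2 is the role given to managers in this script.
			$stmt = $con->prepare('INSERT INTO User (Name, Login, Password, UserRoleID, CompanyID, ResetKey) VALUES (?,?,?,2,?,?)');
			$stmt->bind_param('sssis', $managername, $manageremail, $managerpassword, $companyID, $managerpassword);
			$stmt->execute();
			
			$managerID = mysqli_insert_id($con);
			
			// A manager is recorded as their own supervisor.
			$stmt = $con->prepare('UPDATE User SET SupervisorID = ? WHERE ID = ?');
			$stmt->bind_param('ii', $managerID, $managerID);
			$stmt->execute();

			mysqli_close($con);
				
			sendAccountInfo($manageremail, $managername, $managerpassword,1);
			
			$_SESSION['Popup'] = $companyname;
			$_SESSION['MessageKey']="skapad";
			
			header ("Location: listusers.php");
			exit;
		}
		else if($ToAdd === 'manager')
		{
			$managername = $_POST['newmanagername'];
			$manageremail = $_POST['newmanageremail'];
			$companyID = $_POST['companyID'];
			$managerpassword = generateRandomString();
			
			$stmt = $con->prepare('INSERT INTO User (Name, Login, Password, UserRoleID, CompanyID, ResetKey) VALUES (?,?,?,2,?,?)');
			$stmt->bind_param('sssis', $managername, $manageremail, $managerpassword, $companyID, $managerpassword);
			$stmt->execute();
			
			$managerID = mysqli_insert_id($con);
			
			// A manager is recorded as their own supervisor.
			$stmt = $con->prepare('UPDATE User SET SupervisorID = ? WHERE ID = ?');
			$stmt->bind_param('ii', $managerID, $managerID);
			$stmt->execute();

			mysqli_close($con);
				
			sendAccountInfo($manageremail, $managername, $managerpassword,1);

			$_SESSION['Popup'] = $managername;
			$_SESSION['MessageKey']="skapad";
			
			// companyID is request data; cast it so only an integer can reach
			// the Location header (it is bound as an integer in the query too).
			header ("Location: editCompany.php?ID=" . (int) $companyID);
			exit;
		}
		else if($ToAdd === 'employee')
		{
			$employeename = $_POST['newemployeename'];
			$employeeemail = $_POST['newemployeeemail'];
			$companyID = $_POST['companyID'];
			$supervisorID = $_POST['supervisorID'];
			$employeepassword = generateRandomString();
			
			// UserRoleID 3 is the role given to employees in this script.
			$stmt = $con->prepare('INSERT INTO User (Name, Login, Password, UserRoleID, CompanyID, ResetKey, SupervisorID) VALUES (?,?,?,3,?,?,?)');
			$stmt->bind_param('sssisi', $employeename, $employeeemail, $employeepassword, $companyID, $employeepassword, $supervisorID);
			$stmt->execute();

			mysqli_close($con);
				
			// The original passed $managername/$managerpassword, which are
			// undefined in this branch, so the mail carried no usable name or
			// password. Send the employee's own values.
			sendAccountInfo($employeeemail, $employeename, $employeepassword,2);

			$_SESSION['Popup'] = $employeename;
			$_SESSION['MessageKey']="skapad";
			
			header ("Location: listusers.php");
			exit;
		}
	}
	else 
		echo "Error: No ID found.";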
    

?>